Evaluating Dynamic Software Update Safety Using Systematic Testing

Dynamic software updating (DSU) systems patch programs on the fly without incurring downtime. To avoid failures due to the updating process itself, many DSU systems employ timing restrictions. However, timing restrictions are theoretically imperfect, and their practical effectiveness is an open question. This paper presents the first significant empirical evaluation of three popular timing restrictions: activeness safety (AS), which prevents updates to active functions, con-freeness safety (CFS), which only allows modifications to active functions when doing so is provably type-safe, and manual identification of the event-handling loops during which an update may occur. We evaluated these timing restrictions using a series of DSU patches to three programs: OpenSSH, vsftpd, and ngIRCd. We systematically applied updates at each distinct update point reached during execution of a suite of system tests for these programs to determine which updates pass and which fail. We found that all three timing restrictions prevented most failures, but only manual identification allowed none. Further, although CFS and AS allowed many more update points, manual identification still supported updates with minimal delay. Finally, we found that manual identification required the least developer effort. Overall, we conclude that manual identification is most effective.
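The abstract describes two things compactly: timing restrictions that decide whether an update may be applied at a given update point, and a systematic-testing method that applies the update at every distinct update point a test reaches and records which runs pass. The following is an added illustration written for this page, not the paper's test harness or any real DSU system. It simulates a toy request-handling program with update points, a patch that changes the data representation passed between `parse` and `process`, and three timing restrictions: no restriction, activeness safety (AS), and manual identification of the event loop. Con-freeness safety is omitted because it needs a type analysis that does not fit a short example. All function names, labels and request strings are invented for the example.

```python
# Constructed simulation of a DSU runtime with timing restrictions and of
# systematic update-point testing. Illustration only: not the paper's tool,
# not a real DSU system; every name here is invented for the example.

class Runtime:
    """Tracks the active call stack and applies a pending patch at one
    chosen update point, if the timing restriction permits it."""

    def __init__(self, funcs, patch=None, restriction=None, target=None):
        self.funcs = dict(funcs)      # name -> function, current version
        self.patch = patch            # name -> replacement function
        self.restriction = restriction
        self.target = target          # index of the update point to try
        self.stack = []               # names of active functions
        self.points = []              # labels of update points reached
        self.outcome = None           # None, "applied" or "disallowed"

    def call(self, name, *args):
        self.stack.append(name)
        try:
            return self.funcs[name](self, *args)
        finally:
            self.stack.pop()

    def update_point(self, label):
        idx = len(self.points)
        self.points.append(label)
        if self.patch is None or idx != self.target:
            return
        if self.restriction(self, label):
            self.funcs.update(self.patch)   # later calls use the new code
            self.outcome = "applied"
        else:
            self.outcome = "disallowed"

# --- Version 1 of a toy request-handling server ---------------------------

def main_loop(rt, requests):
    outputs = []
    for req in requests:
        rt.update_point("top-of-loop")
        outputs.append(rt.call("handle", req))
    return outputs

def handle(rt, req):
    parsed = rt.call("parse", req)
    rt.update_point("mid-handle")      # between parse and process
    return rt.call("process", parsed)

def parse_v1(rt, req):
    user, cmd = req.split(":")
    rt.update_point("in-parse")        # inside a function the patch changes
    return (user, cmd)

def process_v1(rt, parsed):
    user, cmd = parsed
    return f"{user} ran {cmd}"

PROGRAM_V1 = {"main_loop": main_loop, "handle": handle,
              "parse": parse_v1, "process": process_v1}

# --- The patch: v2 changes the representation passed from parse to process

def parse_v2(rt, req):
    user, cmd = req.split(":")
    rt.update_point("in-parse")
    return {"user": user, "cmd": cmd}

def process_v2(rt, parsed):
    return f"{parsed['user']} ran {parsed['cmd']} (v2)"

PATCH_V2 = {"parse": parse_v2, "process": process_v2}

# --- Timing restrictions ---------------------------------------------------

def no_restriction(rt, label):
    return True

def activeness_safety(rt, label):
    # AS: refuse while any function the patch changes is active.
    return not any(name in rt.stack for name in rt.patch)

def manual_identification(rt, label):
    # Developer-chosen quiescent point: the top of the event loop.
    return label == "top-of-loop"

# --- Systematic testing ---------------------------------------------------

def systematic_test(program, patch, restriction, requests):
    """Run the test once per distinct update point reached, trying the
    update at that point; report pass/fail/disallowed for each."""
    dry = Runtime(program)                 # enumerate points with no patch
    dry.call("main_loop", requests)
    results = []
    for idx, label in enumerate(dry.points):
        rt = Runtime(program, patch, restriction, target=idx)
        try:
            outputs = rt.call("main_loop", requests)
            ok = all(" ran " in out for out in outputs)
        except Exception:                  # e.g. process_v2 handed a v1 tuple
            ok = False
        verdict = "disallowed" if rt.outcome == "disallowed" else ("pass" if ok else "fail")
        results.append((idx, label, verdict))
    return results

def summarize(results):
    counts = {"pass": 0, "fail": 0, "disallowed": 0}
    for _, _, verdict in results:
        counts[verdict] += 1
    return counts

REQUESTS = ["alice:ls", "bob:whoami", "carol:uptime"]   # constructed test input

if __name__ == "__main__":
    for name, r in [("none", no_restriction), ("AS", activeness_safety),
                    ("manual", manual_identification)]:
        print(name, summarize(systematic_test(PROGRAM_V1, PATCH_V2, r, REQUESTS)))
```

Running it reproduces the shape of the abstract's finding in miniature. With no restriction, the update at `in-parse` and at `mid-handle` both fail, because `process_v2` receives the tuple that `parse_v1` produced. AS rejects `in-parse` (the patched function is on the stack) but still allows `mid-handle`, where no patched function is active yet the old representation is already in flight, so AS prevents some failures and not others. Manual identification only allows `top-of-loop`, allows no failures, and still gets the update in within one loop iteration.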
